61 matches found
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CVE-2024-56520
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...
PT-2024-36831 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the unserializeTCPDFtag function, which uses loose comparison != and does not utilize a constant-time function to compare TCPDF tag hashes. This could potentially lead to...
CVE-2024-56519
TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
TCPDF 安全漏洞
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. TCPDF version before 6.8.0 has a security vulnerability , the vulnerability stems from unserializeTCPDFtag use "! =" and does not use the constant-time function to compare TCPDF tag hashes...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-56522
TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-56519
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
PT-2024-36832 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
PT-2024-36830 · Tcpdf +2 · Tcpdf +2
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in TCPDF. If libcurl is used, CURLOPT SSL VERIFYHOST and CURLOPT SSL VERIFYPEER are set unsafely. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or late...
UBUNTU-CVE-2024-51058
Local File Inclusion LFI vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information...